The current state of stress testing

Midsized banks face challenges in four key areas of the DFAST process

By Tom Kimner, Head of Global Marketing and Operations, Risk Management, SAS

What if unemployment, interest rates or oil prices spike?
What if GDP, housing markets or equity markets plummet?
What if account holders terminate their instruments or loan holders default?
Will the institution have enough capital?

These questions will continue to keep risk managers awake at night, but not the way they used to. Instead of making educated estimates about liquidity when under pressure, financial institutions have stress testing to statistically predict the impact of possible adverse conditions.

To explore the challenges and best practices of the Dodd-Frank Act stress testing provision (DFAST) stress testing – and to learn what progress banks have made in this area – SAS hosted a June 2015 roundtable event where 10 risk professionals from midsized banks shared their experiences.

It only makes sense for financial institutions to use the stress testing framework to gain deeper insights into the business and balance risks and returns for higher performance.

Many insights from the roundtable were consistent with results from a SAS-sponsored 2015 GARP survey on stress testing practices. Respondents to the GARP (Global Association of Risk Professionals) survey were asked to assess the maturity of their organizations’ resources in four areas: data governance, modeling, scenario management and reporting. In each area, insufficient technology proved to be a factor in stress testing challenges.

For instance, in data governance, only 42 percent agreed or strongly agreed that they had the right technology capabilities, whereas 63 percent reported having the right people and 56 have the necessary institutional expertise. In modeling, only 49 percent were satisfied with their technology, while more than two-thirds of respondents felt they had the right people and expertise. The results were about the same for scenario/process management and reporting – sufficient people and expertise, gaps in the technologies.

Even for banks that are well on their way, adaptation and evolution will be required as the frequency, complexity and disclosure requirements of stress testing continue to grow. The organizations represented in the GARP survey and roundtable cited challenges they face throughout the DFAST process, including:

Managing data. Comprehensive stress testing brings new demands for data provisioning, data consolidation and data aggregation. Everyone involved in stress testing needs to work from the same reconciled data source, as well as have consistent data definitions and a way to map data to a common data hierarchy.

However, many banks have legacy systems that silo data and make it difficult to establish a single, trusted version of the truth across all departments. It can be a struggle to aggregate and consolidate data from disparate systems with inconsistent data definitions and varying levels of granularity. It’s hard enough to ensure data integrity when consolidating across the enterprise; it gets even more complex when folding in external peer-group data for richer analysis and benchmarking.

Manual linkages and disconnected processes throughout the model life cycle, especially in the implementation phase, can lead to model breakdown and erroneous results. It's difficult to maintain model documentation and transparency, especially with black-box models from vendors or models that were developed by people no longer with the bank.

Process management. To comply with current regulations and business requirements, stress testing methodologies and processes must cover the entire enterprise and incorporate results for all legal entities and subsidiaries. That means banks must coordinate efforts among many different departments, including lines of business, risk, finance and treasury. This coordination must also be documented, as regulators often spend as much time auditing the integrity of the stress testing process as they do the calculations themselves.

Aggregation and reporting. Regulatory reports use data aggregated from around the bank, presented in designated templates. Assembling these reports is an iterative process among multiple groups – largely manual and time-intensive as results are consolidated and sent back for review. This process becomes even more cumbersome as banking dimensions change, such as with an acquisition or new business, or when trying to report on both the business and regulatory dimensions.

Stress testing continues to evolve

Having the right technologies in place – preferably integrated systems that make it easy to aggregate, share and reuse a trusted source of data – will be essential to meeting these types of demands. At the same time, the governance and management environment put in place for DFAST processes can – and should – be doing a whole lot more than generating reports for regulators. According to the risk management research firm Chartis:

“At an enterprise level, stress testing is more than regulatory compliance for its own sake. Enterprise-level stress testing is a rapidly evolving area within financial institutions, where the approaches and applications are expanding well beyond the risk measures demanded by regulators. … Firms are already incorporating stress testing results into operational and strategic decisions, and going forward many expect this analysis to be weighted with growing importance, and to be applied in more business planning decisions.”1

It only makes sense for financial institutions to use the stress testing framework to gain deeper insights into the business and balance risks and returns for higher performance. The key is to strategically invest in technology to address core areas of weakness and enable a more efficient, effective and accurate stress testing process, both for regulatory compliance and business decision making.

Closing the technology gaps doesn’t have to involve custom development or cobbling together multivendor solutions. SAS provides a complete integrated stress testing suite of solutions that can also operate as individual components within an existing bank architecture. The SAS® Stress Testing suite includes three complementary offerings:

A risk modeling workbench to enable banks to establish a structured modeling process.

A model implementation platform that offers a controlled environment where complex systems of loan-level risk models can be implemented very quickly and transparently.

A web-based process workbench that provides a central hub from which banks can manage the various aspects of the stress testing process and consolidate results from disparate systems.

The suite will enable fast implementation at lower cost and better, centralized coordination of the stress testing process for managers and analysts alike.